Privacy Policy

1. Scope and our role

This Privacy Policy ("Policy") applies to personal data processed by AgentNava ("AgentNava", "we", "us") through the AgentNavaKit website, console, API, and SDK (collectively, the "Service"). It is incorporated into our Terms of Service.

For most purposes we act as the data controller of personal data we collect about you as our customer. For Customer Content that you upload or transmit through the Service, we act as a data processor on your behalf, processing such data per your instructions as set out in the Terms of Service and this Policy.

If you are an end user of an agent built by one of our customers, that customer — not AgentNava — is the controller of any personal data you provide. Please contact that customer for their privacy practices.

2. Data we collect

Account data

When you sign up, our identity provider Clerk collects your email address, name, profile image (optional), and authentication credentials. We mirror your Clerk user ID, email, and name into our database so the console can display the correct workspace and route notifications.

Billing data

When you subscribe, Stripe collects your payment method, billing address, and tax identification (where applicable). We never see or store your full payment card number. Stripe shares with us a customer ID, last-four digits, brand, expiration, and the subscription lifecycle events necessary to operate billing.

Customer Content

You provide content when you push specs, configure agents, run chat sessions, and upload knowledge files. We store this content to operate the Service for you. We do not train models on identifiable Customer Content and we do not sell it.

Usage and operational data

We collect API request logs, session counts, latency metrics, error logs, IP addresses, browser/SDK versions, and similar operational telemetry. This data is necessary for billing accuracy, abuse detection, debugging, capacity planning, and improving the Service.

Communications

If you email us or open a support thread, we retain the content of those communications, your contact details, and any attachments.

Cookies and similar technologies

The console uses essential first-party cookies set by Clerk for authentication and session continuity. We do not use cookies for advertising, cross-site tracking, or third-party analytics inside the console. The marketing website at agentnava.com may use a privacy-respecting analytics provider for aggregate page-view counts; see that site's notice for details.

3. How we use data and lawful bases

We use personal data only as needed to operate the Service and run the business. Where the GDPR applies, our lawful bases are:

• Performance of a contract — to provide the Service you signed up for, including authentication, running your agents, returning model output, and billing.
• Legitimate interests — to secure and improve the Service (abuse detection, anti-fraud, latency telemetry, capacity planning), to communicate essential service notices, and to enforce our Terms. We balance these interests against your rights.
• Legal obligation — to comply with tax, accounting, anti-money-laundering, sanctions, and law-enforcement obligations.
• Consent — only where required (for example, optional product emails). You may withdraw consent at any time.

4. Sub-processors

To deliver the Service we share personal data with carefully selected sub-processors, bound by contract to confidentiality and equivalent data-protection standards:

• Cloudflare, Inc. — Workers, D1, Pages: application hosting, edge delivery, and storage.
• Clerk, Inc. — user authentication, session and identity management.
• Stripe, Inc. — payment processing, subscription management, and tax determination.
• OpenRouter, Inc. — routing inference requests to large-language-model providers (Anthropic, etc.). Prompts and conversation history necessary to fulfill a chat request transit OpenRouter to the selected provider.

We will provide reasonable advance notice of material changes to this list. If you bring your own model key (BYOK), inference calls go directly to your selected provider under your account; for those calls, OpenRouter is not in the path.

5. Your prompts and the models

To generate responses, we transmit your system prompt, conversation history, and user message to the model provider via OpenRouter. We do not authorize providers to train models on your prompts; OpenRouter's terms forward this restriction to upstream providers and the major commercial providers (Anthropic, OpenAI, Google) honor it.

Despite this, please do not submit personal data, secrets, or other sensitive content that you would not want logged by a third party. Model providers may retain prompts for abuse-detection windows (typically 30 days) regardless of training restrictions.

6. Retention

We retain personal data only as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements:

• Account, workspace, billing rows: while your account is active; deleted within thirty (30) days of account closure, except where law requires longer retention (for example, transaction records for tax — typically seven years).
• Session transcripts and chat history: while the parent session exists. You may delete a session in the console to remove the underlying transcript.
• Operational logs and request telemetry: thirty (30) days, then aggregated and de-identified.
• Encrypted backups: rolling thirty (30) days for disaster recovery.
• Stripe transaction records: per Stripe's policies and applicable tax/anti-money-laundering law.

We may retain de-identified or aggregated data indefinitely for product analytics and improvement.

7. Security

We maintain administrative, technical, and physical safeguards designed to protect personal data, including: TLS in transit; encryption at rest for D1 databases at the Cloudflare layer; salted SHA-256 hashing of API keys (we never log full keys); principle-of-least-privilege access for staff; and review of sub-processor security practices.

No system is completely secure. By using the Service you accept the residual risk inherent in any internet-based service. If we discover a security incident materially affecting your personal data, we will notify you without undue delay and consistent with applicable law (and within seventy-two (72) hours where required by Article 33 of the GDPR or equivalent).

8. Your rights

Subject to applicable law, you may have the right to access, correct, port, restrict the processing of, object to the processing of, or delete the personal data we hold about you. You may also withdraw consent (where consent is the lawful basis), lodge a complaint with your local data-protection authority, and opt out of the "sale" or "sharing" of personal information under California law (we do not sell or share personal information as those terms are commonly defined).

You can exercise most rights directly through the console — Settings exposes account data; "Delete workspace" cascades a deletion across our D1 database and cancels any active Stripe subscription. For other requests, use the contact form on our Support page; we will respond within thirty (30) days, subject to identity verification. We will not retaliate for the exercise of any privacy right.

9. International transfers

We are based in the United States and process personal data in the U.S., as do our sub-processors. If you are in the European Economic Area, the United Kingdom, or Switzerland, your personal data may be transferred outside that region. We rely on Standard Contractual Clauses, adequacy decisions, or other lawful transfer mechanisms where applicable, and our sub-processors maintain similar commitments.

10. Children

The Service is not intended for, and we do not knowingly collect personal data from, anyone under the age of eighteen (18). If you believe a minor has provided us personal data, please contact us and we will delete it.

11. Do Not Track and Global Privacy Control

We do not respond to browser "Do Not Track" signals because there is no industry consensus on their meaning. We honor the Global Privacy Control (GPC) signal where required by applicable law.

12. Changes

We may update this Policy. We will update the "Effective" date at the top and, for material changes, provide notice through the console or by email at least fourteen (14) days before the change takes effect. Continued use of the Service after the change constitutes acceptance.

13. Contact

For privacy questions or requests, use the contact form on our Support page.

For EU-related data-protection matters, you may contact your local supervisory authority. We have not appointed an EU representative under Article 27 of the GDPR; if you believe one is required for our processing of your data, please contact us at the address above.